PaulDotCom mailing list archives

Kon-Boot on a USB


From: trklisted at networksamurai.org (mOses)
Date: Wed, 8 Jul 2009 23:17:32 -0400

Well I can tell you that it will work against Active Directory accounts
HOWEVER when you read the documentation and in your testing what  
you'll find is that since the credentials entered do not match the  
active directory network credentials you don't have access to network  
resources. It would seem to me that what this does is that it will  
patch the system in memory in order to tell the local system service  
(or winlogon) that your username did match what was in the LSASS  
process (or something to that effect).

Now what I was trying to prove was that it will work when WIL (Windows
Integrated Login; meaning no actual password prompt in the FDE/WDE in
Pointsec is required).

Now secondly and more interestingly I tested this on an encrypted
Debian system by entering the decryption password (which is different
than root) and it worked! (kon-usr was able to login!).

So basically COLD-BOOT attack against LUKS + Kon-Boot on Ubuntu/Debian
will work.... scary.

M
On Jul 8, 2009, at 10:27 PM, PJ Velasco wrote:

I use PGP Desktop 9.10 full disk encryption on a Windows XP SP3 laptop
and it did not work because I got the PGP prompt to unlock the disk
after the initial KonBoot splash screen.  I entered my PGP password to
continue the boot process, but I had to enter my actual Windows
credentials at the Windows login screen to successfully log in, so no
go even if someone knows the PGP password.  I also have an Ubuntu 9.10
laptop running disk encryption and the result was just like the PGP
result.  I successfully got it to work on a Debian system (VMware
guest), but not my Fedora Core system (again VMWare guest).  Very
sweet tool.  I showed all the guys at work and they loved it.
Tomorrow we are going to see if it will work with an Active Directory
account.  I have only tested with local accounts.

On Wed, Jul 8, 2009 at 9:16 PM, mOses<trklisted at networksamurai.org>  
wrote:
Just wanted to put my 2 cents on testing for everyone on the list
interested.

Kon-Boot on a Windows XP SP3 box w/ TrueCrypt WDE (FDE) did not work.
Gave me an error about the BIOS being too big and that it wanted me to
change the motherboard(?)

Kon-Boot on a Windows Vista Business running PointSec for PC (server/
client edition) with Windows Integrated Login (which I don't enjoy
having) did not work either. Dies right before the OS loads.

Irongeek USB Boot did not work at all on that box; it hung at a place
before that (loading the Pointsec system).

Anyone else try with Bitlocker or another type of FDE/WDE like PGP
enterprise?

I think the author can fix these issues or if he opens the source
someone else may do it, although it was all written in TASM32 so
probably only those who remember what TSR programs were can do it :)

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
